To keep this question simple, I have a two playbooks and each playbook is supposed to run against a pre-configured Linux image that performs a role. One role is for desktops another role is for servers.

The amount of deployed desktops could be hundreds or thousands so I really need a simple solution that scales without much human interaction.

I imagine some desktop users will need to have custom changes. While the desktops uses 99% of the standard role configuration, they might need to have a specific background image or have their timezone set for their account as just an example or whatever else needs to be locked in on that desktop.

I don't want to create a playbook structure for each machine that steps outside of the standard configuration so is there a way to say, run the standard playbook but also run this other set of tasks but only against a host/group name matched in AWX after the standard playbook or even in the middle of a standard role task job?

Example might be in the tasks / main.yml can I include another yml file which is imported and run if a host matches an AWX group? This way the standard role is kept fairly clean which just imports another file that might import another file based off host matches which should match the group name in AWX?

Concept I'm thinking of, unsure if doable or something like it? All I would need to do is add a test in custom.yml and create a new file with the custom tasks for that host/group.

1 Answer
1

Including all exceptions into the playbook is not necessary, if the user may customize outside ansible. Also, beware having too large and complex of a playbook, you can have multiple playbooks.

That said, per group and per host values and actions are possible.

Define all values as variables to allow overrides. For example, at the role default level time zone is tz: UTC but in group_vars/desktop it can be tz: America/Chicago or whatever. In a common role you run on all hosts, use the timezone module:

- timezone:
name: "{{tz}}"

Optional per-host tasks are a bit trickier. Try a static include with the first_found lookup. First look up the most specific file name containing inventory_hostname, then a (possibly empty) defaults file.

If you find yourself reaching for this pattern, consider limiting its use. It only works on hosts already targeted by the play, and host specific behavior inside a tasks directory is not very intuitive.

A role is a more manageable unit to contain tasks and vars, and can be reused against any number of hosts. Have Ansible users contribute roles, which can be maintained separately from your play if you wish. Then map them to hosts in playbooks: